Thank you all so much for coming to spend 45 minutes with the ACLU.
We appreciate it a lot.
This year there are not Q&A rooms, so we hope that those of you who want to continue the
conversation will come to our table in the vendor room where you can become members or
renew your membership, get our new DEF CON special edition ACLU Fourth Amendment T-shirts.
We would love to see you there.
My name is Ben Wizner.
I direct our national project on speech privacy and technology.
The women and men at the table with me work on surveillance, national security, technology,
privacy both in our national office and in some of our affiliates around the country.
So when we heard that the NSA had been disinvited from DEF CON this year, we kind of scratched
our heads.
Since when has the NSA needed to be invited?
We had planned to do a review that we were going to call a year in surveillance and talk
to you about the breadth and scope of the work that we do on privacy and surveillance.
And then Ed Snowden got on a plane to Hong Kong and really changed everything.
So maybe we should give him a hand.
And what he revealed is something that many of us were anxious about, knew about, had
worried about for years, which is that the NSA's strategy has been to collect everything
and worry about the law later.
And we believe that Americans' privacy should be protected by constitutional law, not by
Moore's law.
So my colleagues here are going to talk briefly.
There's five of them.
We have only 45 minutes.
And we do hope to have time for a couple of questions to give you a taste of the kind
of work that we are doing with regard to NSA surveillance.
And we hope that many of you will join us at our table.
We also have one of the parties tonight on the pub crawl party like it's 1986.
That is ACLU ECPA humor.
So we hope to see more of you all later.
And to kick us off, this is Alex Abdo from our National Security Project.
ALEX ABDO: Hi, everyone, and thanks so much for coming.
So ‑‑ I want to talk just for a few minutes about the PRISM program which was revealed
a couple of months ago by Ed Snowden.
But before I get to the PRISM program, I want to talk about what there was before the PRISM
program and what we were doing beforehand because it's a really fascinating change of
events in the last two months.
In 2008, Congress passed the most sweeping surveillance statute that Congress has ever
passed, called the FISA Amendments Act of 2008, and it essentially gives the NSA and
the government unfettered access to Americans' international communications.
And we challenged the law at that time because we didn't think that the fact that someone
is communicating internationally means they should sacrifice their right to privacy.
That in today's interconnected world, you can't often control the way your packets are
all scurried around the world and your right to privacy shouldn't depend on the paths they
take and the friends you choose to associate with.
We brought that challenge in 2008.
And for the next five years, we didn't actually litigate the merits of whether the government
can collect our international communications.
We spent five years debating with the government whether our clients were allowed to sue.
And our clients were lawyers who represented Guantanamo detainees, human rights researchers
and activists who worked in areas of the world where there was significant violence and counterterrorism
interest on the part of the U.S. government, and journalists who reported on those areas,
the very sorts of people who would find themselves trapped in an international NSA surveillance
dragnet.
And for that reason, these individuals, our plaintiffs, our clients, took significant
and burdensome measures to protect the confidentiality of their communications.
Some of them had ethical obligations to do so.
Others just thought it was good professional responsibility.
Despite that fact, the government argued that we couldn't sue unless our clients could prove that their
communications were surveilled.
And if you know anything about the NSA, you know that's a vicious catch-22.
Nonetheless, the government prevailed in front of the Supreme Court in February in
a decision, a 5 to 4 decision, holding that the government's most sweeping surveillance
statute ever enacted is essentially immune from judicial review unless the NSA in its
benevolence chooses to disclose.
I don't recommend you hold your breath.
So that all changed two months ago when Ed Snowden disclosed the existence of the PRISM
program.
And the PRISM program is essentially one version of an implementation of the FISA Amendments
Act.
It is a small part of the way the government conducts its international surveillance.
But it's authorized by this very same statute that was passed in 2008.
And some of the most important disclosures that Mr. Snowden made are of the procedures
that the government uses to select its targets
and to protect the privacy in theory of Americans who find themselves ensnared in the international
dragnet.
And having seen those procedures now, we know that they never should have been secret
in the first instance.
But they reveal a number of really critically important things about the way the government
conducts its surveillance.
The government's main defense if you've been reading the news about the PRISM program is
that it's a program directed at foreigners, not Americans.
And I think that's an extraordinarily misleading defense of the program.
When the government was pushing for the passage of this act, actually to a predecessor of
the statute, it argued that some of the communications of most interest to the NSA were the ones
that had one terminus in the United States.
And you can imagine for obvious reasons why that would be the case.
But the government used the fact that Americans were communicating internationally essentially
to bootstrap away their rights to privacy.
So even though foreigners have to be the targets of the government surveillance, Americans'
communications are inevitably swept up into them.
And you might think that because the government calls the collection of Americans' communications
incidental under these programs, you might think that they would treat them as incidental
and delete them when they get them.
We now know, thanks to Ed Snowden, that that's not the case.
The government is allowed to keep even Americans' communications in the course of targeting
foreigners, for five years in any event, and indefinitely if any of a number of sweeping
exceptions apply.
One of the exceptions, by the way, is if the information is encrypted.
So ironically, as we are now seeing a push in the industry for greater use of HTTPS and
encrypted communications, we are actually handing the NSA more authority to retain those
communications indefinitely until a time that they can decrypt them if they can't already.
The second big problem with the government's ‑‑ the second big problem with the government's
targeting of foreigners is that it presumes its targets are foreign unless it has a reason
to believe otherwise.
Which is a really bizarre way of going about it, you can imagine.
So if the government has any doubt as to where you are, and they don't have any positive
indication that you are an American, they will treat you as a foreigner and targetable
and they will retain your communications even if they later discover that they were
wrong.
So they think you are a foreigner.
It turns out you are not.
But they keep your communications anyway.
Imagine the types of services available digitally now that would give the government the doubt
they need about your foreignness to allow them to keep your communications.
You can think of services like Tor or VPN services.
The final problem, major problem I find with the government's defense of its PRISM program
is that it says the program is supposedly limited to foreign intelligence information,
which is this phrase they bandy about, which really has very little meaning.
It includes things as broad as the name of the program.
Broad as the foreign affairs of the United States, which essentially makes a target out
of everyone who is a foreigner.
And we know that in part because the procedures that were released by Ed Snowden confirmed
that two of the broadest factors the government relies on in determining whether someone is
exchanging foreign intelligence information are one, if you are communicating with a foreigner,
and two, if your phone number or e‑mail address appears in a foreigner's contact book.
And the presumption that you are a foreigner is that virtually every international communication
is susceptible to NSA surveillance.
They can keep those communications even if they later discover that you're an American.
Just two quick additional points and then I'll hand it over.
First that the government is not actually limited to directing its surveillance at targets.
It can direct its surveillance at third parties to collect information about its targets.
And it can do so using IP filtering and country code filtering.
And the example that I think has been thrown out is that they might decide that Osama bin
Laden is a target and then decide to IP filter Internet traffic for everything going into
or out of Pakistan as their filter and then collect everything.
So the PRISM program allows the government to do broad geographic surveillance in a way
that ensures that countless people's rights to privacy are unjustifiably intruded upon.
And secondly, the government considers that any extensive use of an IP range or cryptographic
service by foreigners allows the NSA to target that IP range or cryptographic service.
So if there is a service like Tor, for example, that is used extensively by foreigners, and
who knows what that means in the context of terrorists.
There are not so many terrorists in the world, we hope, so if a dozen of them are using
Tor, that might justify the government in collecting everything that's going on over Tor to allow
traffic analysis and maybe later decryption. So the irony is that those who seek to protect
the sensitivity of their communications the most are engaging in communications that are
born targetable, whether or not the government has any specific reason to collect those individuals'
communications. I think there's an easy fix to this problem, but maybe we can discuss
that later. And I'll hand it over for now with that vague teaser.
CATHERINE CRUMP, STAFF ATTORNEY: I've been at the ACLU for about eight years
and I've been primarily litigating challenges to government surveillance programs. And that
length of time has given me a little perspective on this. Because for years, members of the
Congress have been saying things like if the American people knew what was actually going
on with some of the NSA related spying programs, they'd be really outraged. But there was no
way to have an honest conversation about what was happening until just recently when Edward
Snowden finally disclosed some of these programs. But there has been such a torrent of information
about the different programs that I think it can be often difficult to try to figure
out what the different specific programs are and what they're doing. So Alex talked about
the PRISM program.
And now I want to spend a few minutes talking about the NSA's domestic collection of all
telephony metadata, why the ACLU thinks there are serious privacy problems with this and
then what we're doing to try to rein in the NSA's surveillance.
So we know now, thanks to reporting by The Guardian and Ed Snowden, that the NSA is collecting
all domestic telephony metadata. It has gone to the Foreign Intelligence Surveillance Court
in Washington, D.C. And it seems that every three months it gets an order authorizing it
to collect telephony metadata from all major U.S. telephone communications companies. So
at the end of every day, every telephone call that you make, every telephone call that
you receive, and how long those telephone calls last, get handed over to the government.
This is true for domestic communications. This is not about international communications.
And I think sometimes it's a little bit more complicated than just how they're handled.
some of the government's counter messaging, that fact is being lost. The government has
also tried to argue that metadata isn't sensitive and has made the point, for example, we're
just getting telephone numbers, we're not getting anyone's name. But I think the people
in this room certainly see the flaw in that argument without anyone having to point it
out. It's not just that the government is getting this information, it's that they're
also storing the metadata going back five years. So that's really a truly vast amount
of information about all of the communications all of us engage in. So what is the government
doing with this information? The government says that whenever it has a reasonable articulable
suspicion that there is a selector, which is probably a telephone number, for example,
associated with terrorism, it can query this database for that number and track connections
going out three hops. So the telephone number that calls the telephone number that calls
the telephone number.
When you think about that, it ends up being a sweeping amount of data because if the typical
person has, for example, 40 telephone numbers in their phone, that can sweep in as many
as 2.5 million phone numbers. This, by the way, isn't actually being approved on an individualized
basis by a court. The FISA court has simply approved this general programmatic approach
to surveillance, but there's no supervision of individual pieces of surveillance along
the way. I want to step back for a second and talk about what a major paradigm shift
this is. As my colleague Ben mentioned at the beginning, this is about collecting it
all. We haven't previously lived in a world where every single thing we say and do is
capable of being recorded, but that's now the world we live in. And that's exactly what's
happening when it comes to telephony metadata. The government's argument is that it essentially
doesn't implicate a privacy interest for the government to merely collect the data. That
only happens when you look at it. But I think having a record of essentially everyone you
know can have a real chilling effect on who people are willing to communicate with.
The standard under which the government says ‑‑ what is the government's legal argument
here? The government is relying on a section called 215 of the Patriot Act, which says
that it is authorized to collect information that is relevant to certain types of investigations,
generally foreign intelligence or terrorism investigations. And on that relevance definition,
the government has argued that every single phone call all Americans make to their own
are under that definition relevant. Now, that's a pretty broad and sweeping definition
of relevance. One we haven't really seen before. And I think it also poses an interesting conundrum
too that I think is coming up a lot in the era of big data. Does the fact ‑‑ if it
is true that to understand the meaning of one piece of data, you need to have the entire
universe, does that make the entire universe of data relevant? Now, you won't be surprised
to hear that the ACLU objects to this program. We think it raises real privacy problems.
And one of the first orders that was disclosed about the court giving the government access
to this information dealt with Verizon business network services, which is pretty startling
to us because do you know who provides the ACLU's telephone communication? Verizon network
business services. And we sat in our office and we thought ‑‑ thought about all the
people who call us, right? All of the whistleblowers who call us, maybe seeking legal help or protection.
Everyone who calls our offices for help with reproductive freedom services, right? And we
heard — we heard about how
this project was designed to be useful in this context where the access is extremely
limited. And there was a lot of truth in this. So we came up with this available program.
It's not just the basics and we write about it. It is a lot of information. We do a lot
that we have to 2020 take away from it. And so for example, if you want to use the law,
you have to call this website. You have to take all of the instructions down from here. You have to
also to delete all of the data from the ACLU in this because we know that it's sitting
in a database, every phone call we've made for the last five years. The court has scheduled
a briefing schedule for the ‑‑ going through the fall. There's an argument in November.
And so hopefully by the time we're all back here next year, we'll be able to report a
little more.
I don't know if any of you had the
privilege to hear Chris Soghoian this morning in the Penn and Teller room.
I made the mistake of getting there at 5 to 12 and you all had the seats already.
So next up, Chris Soghoian.
Hi, everyone. So I'm the principal technologist
with our speech privacy and technology team. I joined last fall. For those of you who caught
my talk earlier, the FBI is now in the hacking business. If you didn't catch the talk, I
hope the video will be available at some point. I want to talk ‑‑ for the few
minutes that I have, I want to talk about how the government spies. There are not enough
FBI agents to follow every person. There are not enough NSA employees to read everyone's
e‑mail or to go and directly acquire everyone's communications. The government doesn't have
the resources to directly monitor every American or let alone
every foreigner. But they want to read the communications of every foreigner and they
want to be able to collect information about every American. So they have this problem.
Particularly for dragnet-style searches where you want to do a keyword search or you want
to do social network analysis, you need everyone's communications. What do you do when you don't
have the manpower to collect everyone's communications? You deputize the telephone and Internet companies.
In some cases with their willing assistance and in other cases against their will. But
you force these companies to help out. Sometimes paying helps to get them to agree. We learned,
for example, one of the documents that Ed Snowden released is a 2009 inspector general
report from the NSA showing that about $100 million in voluntary assistance payments were
made to telecommunications companies to get them to participate
in some of the domestic metadata programs. $100 million goes a long way when you are
buying the goodwill of companies who are going out of their way to help the government with
its mission. So I want to talk about the role these companies play. Every Internet
company, every telephone company has a team of people who do nothing but respond to surveillance
requests. And I'm not going to talk about how many requests they get because my colleague
Nikki will be talking about that. But I want to emphasize that these companies
provide assistance that enables surveillance that wouldn't be possible without their help.
There would not be a 215 metadata program without the willing assistance of AT&T and
Verizon and reportedly Sprint. It simply wouldn't be possible. There wouldn't be a
program of monitoring the communications of foreigners talking to Americans if the NSA
couldn't get the undersea cable operators to provide access to the communications that
are flowing through the Internet. So I want to talk about that. I want to talk about that.
Can we grow headphones through cables? Can we grow those cable operators through cable
cables? Those with one end with a foreigner and one end with an American or those with
two foreigners and the communications are passing through the United States. The NSA
program depends upon American communications companies. What's been good is as communications
have shifted in the last few years from telephone companies to Internet companies, we're starting
to see companies that aren't as happy about being deputized. We're starting to see companies
that are deploying crypto, whether it is HTTPS to protect data over the wire or in some cases
end-to-end crypto. And really what this is doing is making Dragnet surveillance difficult.
I don't think that we're ever going to be able to put the government out of the surveillance
business. I would personally like to, but I don't think we're ever going to get there.
But I do think we can make Dragnet surveillance impossible. We just have to raise the cost.
We have to make it difficult enough to target one person that they simply don't have the
resources to collect everyone's communications. Crypto can help us get there. Moving from
companies that say yes to Dragnet requests to companies that only say yes to targeted
requests.
I think we're going to be able to do that.
But I really think we need to be thinking not about making it impossible for the government,
but making it expensive. You know, Chris Rock has this joke in which he says that he believes
that guns should be legal and bullets should be a million dollars apiece. And I think
surveillance should be expensive, too. And the problem right now is that the cost of
surveillance is that it's just too damn low. Thank you very much.
Hi, everyone. I'm Nicole. I'm the Technology and Civil Liberties Policy Director for the
ACLU of California. So very nice to be back with many of you today.
I just wanted to take a sort of bigger picture for a moment. To understand just how Edward
Snowden's impact has rippled out much farther than NSA spying, much
farther than the docs that he released or the revelations. And just to give everyone a sense
of just how important these revelations have been to getting out the truth about what's really
happening and ongoing efforts by the ACLU and other organizations to really reestablish some
desperately needed and long overdue balance between government surveillance and all of our
personal privacy. So Edward Snowden's actions, in addition to really giving us a sense of what the
NSA has been doing, have finally given us all our real first information on just how often, as
Chris was talking about, that the government, from the lowest levels of police on the street to all
the way up to the highest echelons of the NSA, how often the government is really taking advantage
of anachronistic Supreme Court decisions. And I think that's really important. And I think
he's been allowed to speak. Thank you very much, Mr. Chairman.
The first question is for you. The second question I have for the White House is
nervous or whatever, that they are doing something that they want to do for the white people.
But if we really do think about the threat of illegal things to our people, I'm not sure whether
we're ready to go down that same path. I do not know if I'm ready to go down that same path.
Let me just say that I'm very excited to talk to you today because I think this will
community and that will bring all of us together. And I think that's important. So
I want to ask you all to, this is my first time here and I want you to take it a little bit
for a long time to be a largely unsupervised shopping spree in the treasure trove of data
that online companies are collecting every day about who each of us are, where we go
on a daily basis, who we know, what our concerns are, our habits, our hobbies. And are keeping
that for extremely long periods of time. The ACLU first really started to sound the
alarm about this sort of surveillance industrial complex that had been growing and growing
largely in the dark way back a decade ago in 2003. We knew for a long time that this
was happening, that the government was really reaching into these treasure troves and largely
getting at this data without a warrant, without a judge's permission. But we never had the
facts. The government doesn't need to tell us what's going on. They don't need to tell
the American people how often they're demanding electronic communications that are being
held by these companies, unlike the fact that they have to report how many wiretaps they
issue. They're not required by law to do that. So they weren't doing it, no surprise. And
the companies weren't very interested in telling us either how many times the government was
knocking on their door and asking for really personal data about people. They didn't really
want to give us pause and wonder and worry.
Are we really having sort of a three‑way conversation every time we e‑mail a friend
or pick up the phone? So we knew it was happening, but the facts just weren't there. The companies
largely didn't want to come forward and the government didn't want to give us this information
voluntarily. But post‑PRISM, a lot of what we had known for a long time was finally confirmed.
The companies, in an attempt to actually defend themselves against being said that they had
given a back door to the government and to actually try and assuage the fears of the
public, many of them for the first time released transparency reports that gave some contours
of just how many demands were coming from local law enforcement all the way up the pike.
We had had some companies like Google and Twitter come forward with these reports before,
but post‑PRISM was the first time that folks like Yahoo! and Apple and Facebook and Twitter
and Facebook actually came out with this information as well. And it really confirms what we had
long known, that tens of thousands of requests are coming into these companies, you know,
just in a six‑month basis that's affecting 80, 90, 100,000 different accounts. And if
you think about all the information that Google might have in a particular account,
it could be tons and tons of e‑mails or photos, sort of the whole range of data. So
we know from some of the reports Google and Twitter are actually doing a breakdown of
how many of these demands are actually coming with a warrant and how many of these demands
are really just coming with a subpoena, which a judge often has never seen. And as we expected,
subpoenas are sort of much ‑‑ take the bulk of these things. You know, Twitter recently
reported just a couple of days ago that 56 percent of the demands for the government
are subpoenas.
Only 23 percent are warrants with probable cause. And Google has gotten over 5,000 demands
that are subpoena demands just in the past six months that accounts for over 10,000‑plus
accounts of people. So we're finally starting to see a glimpse into how often the government
is demanding this information, which finally gives us some of the facts to talk to Congress
about how important it truly is to update these laws. So I'm going to turn it over now to our next speaker.
I'm looking forward to that. Hi, everyone. I'm going to go over some of the things that
what we can do to fix those laws and make sure that they do keep pace with the technology
that we are all living in. The fact that we are living our lives online and the government
shouldn't be able to reach in and spy on that personal information without having a
very good reason and going to a judge and explaining it. Thank you.
So we have one more speaker. We have 15 minutes. We probably will have time
for one more question. Bring the mic to the front.
for a couple of questions. So maybe while my colleague Kade Crockford is speaking, if
some of you want to gather at the microphones, we'll try to take a bunch of questions at
once and use our last ten minutes or so to answer those questions. So go ahead, Kade.
Hey, everybody. My name is Kade Crockford. I work for the ACLU of Massachusetts where
I direct something called the Technology for Liberty Project. And I just want to say to
sort of frame what my colleagues have talked about and what I'm going to say, that over
the past 12 years since 9/11, we've really seen a dramatic shift in the relationship
between the governed and the government. And that is marked by two really problematic features.
One of them is that now we're basically guilty until proven innocent, as these bulk records
collections programs demonstrate. And the second is that, you know, the way that a democracy
should work is that the government is transparent and people have privacy from the government.
Unfortunately, that situation has been radically flipped. So now the government is
equivalent to the government of the United States. So I think that's really important.
It's incredibly secretive, as we know, about its surveillance policies as well as even
about the law in some cases. And the government can, if it wants to, know nearly everything
about us, even if it doesn't have articulable suspicion, probable cause, show evidence to
a judge, all of the sort of, you know, traditional American norms of justice.
So having, you know, framed the conversation in that way, I just want to talk very briefly
about how some little brothers have sprung up over the past 12 years.
So we've heard a lot about Big Brother and some of the corporate surveillance, or the
facilitation of surveillance by corporations. But also, you know, the Department of Homeland
Security and the Department of Justice have over the past 12 years given billions and
billions and billions of dollars to state and local law enforcement to build up a really
robust surveillance and sort of militarized police infrastructure at the state and local
level. And they've done this by funding, you know, the procurement of things like
electronic fingerprint readers at state and local police departments nationwide, face
recognition technologies, as well as something called automatic license plate readers. Can
I just get a show of hands of how many people in this room know what those are? Great. Y'all
are awesome. All right. Yeah. So we just put out a huge report on this, actually. You
can see it at ACLU.org slash plates. Basically what we found is that the state and local
police departments as well as private corporations are operating under the same methodology that
the NSA is.
They want everything. They want to collect it all. They want records of where everyone
has driven, you know, going back, depending on the police department, either months or
years even in some cases. We found that the regulations are all over the map. There
are only five states that have laws in the books about this kind of technology. So in
every other state, it's really up to local police departments to decide how long they
want to keep records of where everyone has driven. And right now, as I'm sure you know,
these cameras are not as ubiquitous as surveillance
cameras, as CCTV. But they will become that ubiquitous. In fact, I'm sure that within
the next 20 years, these cameras will be on every single police cruiser. They'll be at
every single intersection in urban areas. So really it's going to be a situation where
the government is going to be able to warrantlessly track our driving habits retroactively for,
you know, however long they keep this information. So I also just want to tell you very quickly
about ‑‑ so, okay, on the license plate reader tip, private companies, there are these
private companies, one of which is called CCTV. I'm not going to go into all the details,
but it's called Vigilant Solutions. Vigilant Solutions maintains a database called the
National Vehicle Location Service. That database has, at this point, over 1 billion discrete
license plate reads, probably actually much more than that. Those are slightly dated figures
that I'm working off of. And that information is accessible not only to state and local
law enforcement, as well as the FBI, Immigration Customs Enforcement, likely the U.S. military,
but also to other private companies, insurance companies, repo men, tow truck drivers, and
other private companies. So, you know, the corollary between the NSA's surveillance and
collusion with companies like Google and state and local cops colluding with private companies
like Vigilant Solutions is really a very serious problem that, again, as my colleagues
have said, are ‑‑ in the vast majority of cases, state legislatures have not really
stepped up to the plate to deal with. And so that's some of the work that we're trying
to do in the states, is to pass discrete legislation that would, for example, ban the
police from retaining this data for a long time. You know, the ACLU ‑‑ Chris maybe
is the one exception to this, but the ACLU as an organization does not oppose law enforcement
surveillance if they go to a judge and get a probable cause warrant, right? I mean, there
are murderers in the world. There are rapists. People do bad things. If there's evidence
to show that somebody is involved in a criminal activity, then, you know, the judge should
give the cops a warrant to invade that person's privacy. I personally don't like it either,
but I think it's a reasonable ‑‑ it's a reasonable thing to do.
It's a reasonable balance to strike between privacy and security.
But we're seeing a really ‑‑ what we have now is that that probable cause warrant practice
barely exists anymore. The DOJ has said to Congress that it doesn't think it needs
a warrant to read our e‑mails. The DOJ has also said to Congress and to courts that
we have no privacy interest in information showing where we go 24 hours a day that is
communicated through cell site information, through our cell phones.
And I just want to give you really quickly a very brief example of how not only the collect
it all sort of theme has trickled down to the state and local level, but also the state
secrecy itself has really trickled down in a very dangerous way. And that is a case
that we had a couple years ago during Occupy Boston. Somebody decided to pick a fight with
the cops and put together a Pastebin with information about Boston Police Department
officers that was all publicly available. This person didn't do anything illegal, but
just put it all together in one sort of database and put it on Pastebin. Well, the DA in Suffolk
County where I come from did not like that whatsoever. And so they went after this person.
They sent what's called an administrative subpoena to Twitter. This is not a warrant.
It's no judge ever sees this piece of paper. Subpoenas are just pieces of paper that prosecutors
fill out and give to companies like Google, Microsoft, Twitter, Facebook. So Twitter
is one of very, very few companies that actually stands up for its users on a routine basis
when they get these subpoenas.
And they do that by informing the person who is targeted that a subpoena has been filed,
that prosecutors are seeking information about them. So what happened was this person
came to us at the ACLU of Massachusetts and said the DA in Suffolk County wants my information
and I'd like to remain anonymous. So we took the case. It was incredible what happened
after that. This is a very low level issue. This is not some like Al Qaeda national security
issue. But we had a pipsqueak ‑‑ I'm just going to say that. We had this pipsqueak
DA in Suffolk County telling a judge, you know, holding ex parte hearings, which essentially
means that the government is giving information to the judge in secret that not even our attorneys
could see, right? So secret proceedings. And to this day, two years later, those records
are secret. They were sealed. The prosecutor asked that these records be sealed. So I mean,
you know, it's just incredible abuse of power is going on at all levels of government. And
I think that's it. People probably have a lot of questions. I would just say please
support the ACLU if you care about these issues because we are really working in every
state. We work on a range of issues as my colleague said from choice to privacy and
everything in between. So thank you for coming. I appreciate it.
So ‑‑ so I see six people standing. We have nine minutes, maybe seven. The only
way we are going to make this work is if people speak for 30 seconds and it's going
to ask a question. If you have statements for us, we'll be at the table this afternoon.
You will not believe my ability to violate your right to free speech if you go beyond
30 seconds. I'm really good at it. So let's start here. But really, we don't want to
hear your story. Is the mic on? Yes. Okay. I'm Mike Doherty
from Atlanta. And I was going to ask you about the judicial system. I actually am under federal
investigation for data security practices. So go to the devilinsidethebillway.com. And
you'll see my book coming out September 17th. But you're ‑‑ I'm going to ask you about
the judicial system. It is amazing. And the judicial system I find incredibly, incredibly
behind. And judges don't want to deal. So how do you deal with the judges that don't
want to deal in the judicial system that is just so far behind and just looking the other
way? Okay. Let's hear the next one. We're going to take them all and then we're going
to answer. Go ahead. My name is Dana Morrow. I'm from San Antonio, Texas. These issues
come up. I'm concerned. So I write my congressman and my representative like I'm supposed to
or I'm told to do. Yeah.
I make phone calls. I leave messages. All I get is the ‑‑ excuse me? Okay. Well,
the question is ‑‑ What can I do?
How can I get a better response than thank you for being a concerned citizen. We'll get
back to you. I don't ever get a response. Okay. Citizen empowerment. Next, quickly.
So what about me? I'm not American. I'm a foreigner. Obviously I use American services
all the time.
Am I suspicious just because I'm a foreigner? That's my question.
Okay. Go ahead. Thank you.
We're going to go over here. Any thoughts or remarks on Senator Wyden's
recent speech and his frequent allusions to a potential or hypothetical geolocation
tracking program? Yeah, yeah, totally.
Okay. Hints of geolocation tracking by the NSA. Quickly. Next. 2006, 2007, I assisted
most of the telecommunications system in the United States. I was involved in the
communications companies in the country installing Cisco TAP MIBs and Norris probes
as part of the communications act for law enforcement, also known as CALEA. That was
all done on their dime. And I believe one of the speakers mentioned that they were being
subsidized. So I'm curious to know how we know that that's being subsidized by the federal
government as opposed to being picked up by the carriers.
Come talk to us at our table, please. Yeah. Go ahead.
How can people get access to this stuff through ‑‑ for civil matters? Civil matters? Civil
lawsuits. Okay. And, again, most of these answers
are going to be provided at our makeshift A part of the Q&A at our table in the vendor
area. But go ahead. I didn't hear anything on LexisNexis or
fusion centers. Yeah. Come talk to me at ‑‑ yeah.
Okay. Yeah. Well, okay. So fellow panelists, there are a range of things that you can weigh
in on. I hope someone at least will say something about the feeling of helplessness. I'm going
to ask you about the feeling of helplessness that citizens have who write to their legislatures
because it seems to me that we are in a pretty unique moment where we are being heard. But
go ahead. So I will respond to two of the things.
If Wyden could ‑‑ so Senator Wyden has been warning about the NSA's abuse of its
surveillance powers for several years. And most recently he's been specifically highlighting
the issue of location. He said ‑‑ he gave a speech last week in which he said the word
location five times. If he could signal any more clearly, I don't know what it would look
like. But right now he's basically standing on a stool waving his hands, jumping up and
down. So I think there's something location related that he's trying to tell us about.
And I hope we will find out what that is. To Miko's question about foreigners, it's
not that you're suspicious. It's just that you're fair game. Foreigners don't vote in
Kansas. And so U.S. law doesn't protect the communications of non‑Americans. That's
really unfortunate. I think if we ‑‑ if we were going to see change there, it's not
going to be because in the end, we're going to be in a state where individuals are writing
to their members. It's going to be because companies
are complaining they're losing out on contracts in Europe and Asia. If the cloud computing
companies want to salvage their foreign business, we're going to need to see a big change in
the law or they're going to need to start using end‑to‑end crypto where you don't
care about government access to data. Alex?
So just quickly on what you can do. A week and a half or two weeks ago, there was an
incredibly important vote in the house about whether ‑‑
whether the government was going to rein in the NSA's bulk collection of our phone records.
And surprisingly ‑‑ I mean, unsurprisingly, the vote lost. But surprisingly, it was very
close, 217 to 205 votes. And a big part of the reason why the vote was so close is because
literally thousands of people called their representatives and urged them to vote in
support of the bill that would have reined in the NSA. That support matters more than
you know, more than I knew up until a few weeks ago. If you have any questions about
it, you should really talk to Kevin Bankston at the Center for Democracy and Technology,
who has been doing some incredible work on this and can speak to how effective it is
for you to call your representatives. And I'd just like to say for those of us
who are in California, we know how difficult Feinstein has been on these issues. She's
been a huge supporter of the NSA and has just been intractable for years and years. A couple
of days ago, Feinstein actually said, hmm, maybe there need to be some changes. So, you
know, and we also saw President Obama meeting with top legislators just a couple days ago
saying that he's open to suggestions. So, you know, we have finally sort of started
to turn the tide in Washington, D.C. based on the fact that members of the public have
picked up the phone, have responded to those emails from the ACLU and have started to
meet actually with their members of Congress. So it is making a huge difference. We've talked
a lot about sort of how we got to this point and the problems that we're seeing. But we're
at a really crucial point to turn the tide on these issues. And I really hope that
anyone in the audience who has not picked up the phone and called their members of Congress
or stopped by our booth and filled out the action alert, please do it because we can
change this.
We really can.
This is a predictable and self-serving note to end on, but it matters a lot for you to
become members of the ACLU.
And I mean it.
I mean it.
You know, we have between 600,000 and 700,000 ACLU members nationwide.
The NRA has over 4 million members.
If all of you who had an affinity for the ACLU were members of the ACLU, we would have
a lot more voice, a much louder voice in Washington.
I'm not saying that to denigrate the NRA.
For those of you who are supporters, they're a very effective organization in support of
what they do.
We can be even more.
Help us be that effective.
Yeah.
No, no.
Seriously, it matters a lot to have a large civil society counterweight to the kinds of
developments that we've been talking about today.
So please come by.
Get our special edition DEF CON Fourth Amendment T-shirt.
Join the ACLU.
Continue the conversation.
Thank you so much for joining us today.
Thank you.
